PT-2006-4085 · Hotplug · Hotplug Cms
Guest01
·
Publicado
2006-06-23
·
Atualizado
2016-10-18
·
CVE-2006-3190
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
HotPlug CMS version 1.0
Description
The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the
username and password parameters in the administration/includes/login/auth.php file.Recommendations
For HotPlug CMS version 1.0, consider restricting access to the administration/includes/login/auth.php file until a patch is available, and avoid using the
username and password parameters in this context to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Hotplug Cms